jeremy wright

Auto Added by WPeMatico

UK to toughen telecoms security controls to shrink 5G risks

Amid ongoing concerns about security risks posed by the involvement of Chinese tech giant Huawei in 5G supply, the U.K. government has published a review of the telecoms supply chain, which concludes that policy and regulation in enforcing network security needs to be significantly strengthened to address concerns.

However, it continues to hold off on setting an official position on whether to allow or ban Huawei from supplying the country’s next-gen networks — as the U.S. has been pressurizing its allies to do.

Giving a statement in parliament this afternoon, the U.K.’s digital minister, Jeremy Wright, said the government is releasing the conclusions of the report ahead of a decision on Huawei so that domestic carriers can prepare for the tougher standards it plans to bring in to apply to all their vendors.

“The Review has concluded that the current level of protections put in place by industry are unlikely to be adequate to address the identified security risks and deliver the desired security outcomes,” he said. “So, to improve cyber security risk management, policy and enforcement, the Review recommends the establishment of a new security framework for the UK telecoms sector. This will be a much stronger, security based regime than at present.

“The foundation for the framework will be a new set of Telecoms Security Requirements for telecoms operators, overseen by Ofcom and government. These new requirements will be underpinned by a robust legislative framework.”

Wright said the government plans to legislate “at the earliest opportunity” — to provide the regulator with stronger powers to to enforcement the incoming Telecoms Security Requirements, and to establish “stronger national security backstop powers for government.”

The review suggests the government is considering introducing GDPR-level penalties for carriers that fail to meet the strict security standards it will also be bringing in.

First policy response will be ‘soft’, common cybersecurity standards. Then regulations, with strict standards and #GDPR like fines. New powers allowing to compel telecoms to do something. And work to increase diversity. pic.twitter.com/nBLWneFUDK

— Lukasz Olejnik (@lukOlejnik) July 22, 2019

“Until the new legislation is put in place, government and Ofcom will work with all telecoms operators to secure adherence to the new requirements on a voluntary basis,” Wright told parliament today. “Operators will be required to subject vendors to rigorous oversight through procurement and contract management. This will involve operators requiring all their vendors to adhere to the new Telecoms Security Requirements.

“They will also be required to work closely with vendors, supported by government, to ensure effective assurance testing for equipment, systems and software, and to support ongoing verification arrangements.”

The review also calls for competition and diversity within the supply chain — which Wright said will be needed “if we are to drive innovation and reduce the risk of dependency on individual suppliers.”

The government will therefore pursue “a targeted diversification strategy, supporting the growth of new players in the parts of the network that pose security and resilience risks,” he added.

“We will promote policies that support new entrants and the growth of smaller firms,” he also said, sounding a call for security startups to turn their attention to 5G.

Government would “seek to attract trusted and established firms to the UK market,” he added — dubbing a “vibrant and diverse telecoms market” as both good for consumers and for national security.

“The Review I commissioned was not designed to deal only with one specific company and its conclusions have much wider application. And the need for them is urgent. The first 5G consumer services are launching this year,” he said. “The equally vital diversification of the supply chain will take time. We should get on with it.”

Last week two U.K. parliamentary committees espoused a view that there’s no technical reason to ban Huawei from all 5G supply — while recognizing there may be other considerations, such as geopolitics and human rights, which impact the decision.

The Intelligence and Security Committee also warned that what it dubbed the “unnecessarily protracted” delay in the government taking a decision about 5G suppliers is damaging U.K. relations abroad.

Despite being urged to get a move on the specific issue of Huawei, it’s notable that the government continues to hold off. Albeit, a new prime minister will be appointed later this week, after votes of Conservative Party members are counted — which may be contributing to ongoing delay.

“Since the US government’s announcement [on May 16, adding Huawei and 68 affiliates to its Entity List on national security grounds] we have sought clarity on the extent and implications but the position is not yet entirely clear. Until it is, we have concluded it would be wrong to make specific decisions in relation to Huawei,” Wright said, adding: “We will do so as soon as possible.”

In a press release accompanying the telecoms supply chain review the government said decisions would be taken about high risk vendors “in due course.”

Earlier this year a leak from a meeting of the U.K.’s National Security Council suggested the government was preparing to give an amber light to Huawei to continue supplying 5G — though limiting its participation to non-core portions of networks.

The Science & Technology Committee also recommended the government mandate the exclusion of Huawei from the core of 5G networks.

Wright’s statement appears to hint that that position remains the preferred one — barring a radical change of policy under a new PM — with, in addition to talk of encouraging diversity in the supply chain, the minister also flagging the review’s conclusion that there should be “additional controls on the presence in the supply chain of certain types of vendor which pose significantly greater security and resilience risks to UK telecoms.”

“Additional controls” doesn’t sound like a euphemism for an out-and-out ban.

In a statement responding to the review, Huawei expressed confidence that it’s days of supplying U.K. 5G are not drawing to a close — writing:

The UK Government’s Supply Chain Review gives us confidence that we can continue to work with network operators to rollout 5G across the UK. The findings are an important step forward for 5G and full fibre broadband networks in the UK and we welcome the Government’s commitment to “a diverse telecoms supply chain” and “new legislation to enforce stronger security requirements in the telecoms sector”. After 18 years of operating in the UK, we remain committed to supporting BT, EE, Vodafone and other partners build secure, reliable networks.”

The evidence shows excluding Huawei would cost the UK economy £7 billion and result in more expensive 5G networks, raising prices for anyone with a mobile device. On Friday, Parliament’s Intelligence & Security Committee said limiting the market to just two telecoms suppliers would reduce competition, resulting in less resilience and lower security standards. They also confirmed that Huawei’s inclusion in British networks would not affect the channels used for intelligence sharing.

A spokesman for the company told us it already supplies non-core elements of U.K. carriers’ EE and Vodafone’s network, adding that it’s viewing Wright’s statement as an endorsement of that status quo.

While the official position remains to be confirmed, all the signals suggest the U.K.’s 5G security strategy will be tied to tightened regulation and oversight, rather than follow a U.S. path of seeking to shut out Chinese tech giants.

Commenting on the government’s telecoms supply chain review in a statement, Ciaran Martin, CEO of the U.K.’s National Cyber Security Centre, said: “As the UK’s lead technical authority, we have worked closely with DCMS [the Department for Digital, Culture, Media and Sport] on this review, providing comprehensive analysis and cyber security advice. These new measures represent a tougher security regime for our telecoms infrastructure, and will lead to higher standards, much greater resilience and incentives for the sector to take cyber security seriously.

“This is a significant overhaul of how we do telecoms security, helping to keep the UK the safest place to live and work online by ensuring that cyber security is embedded into future networks from inception.”

Although, tougher security standards for telecoms combined with updated regulations that bake in major fines for failure suggest Huawei will have its work cut out not to be excluded by the market, as carriers will be careful about vendors as they work to shrink their risk.

Earlier this year a report by an oversight body that evaluates its approach to security was withering — finding “serious and systematic defects” in its software engineering and cybersecurity competence.

Powered by WPeMatico

No technical reason to exclude Huawei as 5G supplier, says UK committee

A UK parliamentary committee has concluded there are no technical grounds for excluding Chinese network kit vendor Huawei from the country’s 5G networks.

In a letter from the chair of the Science & Technology Committee to the UK’s digital minister Jeremy Wright, the committee says: “We have found no evidence from our work to suggest that the complete exclusion of Huawei from the UK’s telecommunications networks would, from a technical point of view, constitute a proportionate response to the potential security threat posed by foreign suppliers.”

Though the committee does go on to recommend the government mandate the exclusion of Huawei from the core of 5G networks, noting that UK mobile network operators have “mostly” done so already — but on a voluntary basis.

If it places a formal requirement on operators not to use Huawei for core supply the committee urges the government to provide “clear criteria” for the exclusion so that it could be applied to other suppliers in future.

Reached for a response to the recommendations, a government spokesperson told us: “The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.”

The spokesperson for the Department for Digital, Media, Culture and Sport added: “The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.”

In recent years the US administration has been putting pressure on allies around the world to entirely exclude Huawei from 5G networks — claiming the Chinese company poses a national security risk.

Australia announced it was banning Huawei and another Chinese vendor ZTE from providing kit for its 5G networks last year. Though in Europe there has not been a rush to follow the US lead and slam the door on Chinese tech giants.

In April leaked information from a UK Cabinet meeting suggested the government had settled on a policy of granting Huawei access as a supplier for some non-core parts of domestic 5G networks, while requiring they be excluded from supplying components for use in network cores.

On this somewhat fuzzy issue of delineating core vs non-core elements of 5G networks, the committee writes that it “heard unanimously and clearly” from witnesses that there will still be a distinction between the two in the next-gen networks.

It also cites testimony by the technical director of the UK’s National Cyber Security Centre (NCSC), Dr Ian Levy, who told it “geography matters in 5G”, and pointed out Australia and the UK have very different “laydowns” — meaning “we may have exactly the same technical understanding, but come to very different conclusions”.

In a response statement to the committee’s letter, Huawei SVP Victor Zhang welcomed the committee’s “key conclusion” before going on to take a thinly veiled swiped at the US — writing: “We are reassured that the UK, unlike others, is taking an evidence based approach to network security. Huawei complies with the laws and regulations in all the markets where we operate.”

The committee’s assessment is not all comfortable reading for Huawei, though, with the letter also flagging the damning conclusions of the most recent Huawei Oversight Board report which found “serious and systematic defects” in its software engineering and cyber security competence — and urging the government to monitor Huawei’s response to the raised security concerns, and to “be prepared to act to restrict the use of Huawei equipment if progress is unsatisfactory”.

Huawei has previously pledged to spend $2BN addressing security shortcomings related to its UK business — a figure it was forced to qualify as an “initial budget” after that same Oversight Board report.

“It is clear that Huawei must improve the standard of its cybersecurity,” the committee warns.

It also suggests the government consults on whether telecoms regulator Ofcom needs stronger powers to be able to force network suppliers to clean up their security act, writing that: “While it is reassuring to hear that network operators share this point of view and are ready to use commercial pressure to encourage this, there is currently limited regulatory power to enforce this.”

Another committee recommendation is for the NCSC to be consulted on whether similar security evaluation mechanisms should be established for other 5G vendors — such as Ericsson and Nokia: Two European based kit vendors which, unlike Huawei, are expected to be supplying core 5G.

“It is worth noting that an assurance system comparable to the Huawei Cyber Security Evaluation Centre does not exist for other vendors. The shortcomings in Huawei’s cyber security reported by the Centre cannot therefore be directly compared to the cyber security of other vendors,” it notes.

On the issue of 5G security generally the committee dubs this “critical”, adding that “all steps must be taken to ensure that the risks are as low as reasonably possible”.

Where “essential services” that make use of 5G networks are concerned, the committee says witnesses were clear such services must be able to continue to operate safely even if the network connection is disrupted. Government must ensure measures are put in place to safeguard operation in the event of cyber attacks, floods, power cuts and other comparable events, it adds. 

While the committee concludes there is no technical reason to limit Huawei’s access to UK 5G, the letter does make a point of highlighting other considerations, most notably human rights abuses, emphasizing its conclusion does not factor them in at all — and pointing out: “There may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.

It adds that Huawei’s global cyber security and privacy officer, John Suffolk, confirmed that a third party had supplied Huawei services to Xinjiang’s Public Security Bureau, despite Huawei forbidding its own employees from misusing IT and comms tech to carry out surveillance of users.

The committee suggests Huawei technology may therefore be being used to “permit the appalling treatment of Muslims in Western China”.

Powered by WPeMatico

UK law review eyes abusive trends like deepfaked porn and cyber flashing

The UK government has announced the next phase of a review of the law around the making and sharing of non-consensual intimate images, with ministers saying they want to ensure it keeps pace with evolving digital tech trends.

The review is being initiated in response to concerns that abusive and offensive communications are on the rise, as a result of it becoming easier to create and distribute sexual images of people online without their permission.

Among the issues the Law Commission will consider are so-called ‘revenge porn’, where intimate images of a person are shared without their consent; deepfaked porn, which refers to superimposing a real photograph of a person’s face onto a pornographic image or video without their consent; and cyber flashing, the unpleasant practice of sending unsolicited sexual images to a person’s phone by exploiting technologies such as Bluetooth that allow for proximity-based file sharing.

On the latter practice, the screengrab below is of one of two unsolicited messages I received as pop-ups on my phone in the space of a few seconds while waiting at a UK airport gate — and before I’d had a chance to locate the iOS master setting that actually nixes Bluetooth.

On iOS, even without accepting the AirDrop the cyberflasher is still able to send an unsolicited placeholder image with their request.

Safe to say, this example is at the tamer end of what tends to be involved. More often it’s actual dick pics fired at people’s phones, not a parrot-friendly silicone substitute…

cyber flashing

A patchwork of UK laws already covers at least some of the offensive and abusive communications in question, such as the offence of voyeurism under the Sexual Offences Act 2003, which criminalises certain non-consensual photography taken for sexual gratification — and carries a two-year maximum prison sentence (with the possibility that a perpetrator may be required to be listed on the sexual offender register); while revenge porn was made a criminal offence under section 33 of the Criminal Justice and Courts Act 2015.

But the government says that while it feels the law in this area is “robust”, it is keen not to be seen as complacent — hence continuing to keep it under review.

It will also hold a public consultation to help assess whether changes in the law are required.

The Law Commission published Phase 1 of their review of Abusive and Offensive Online Communications on November 1 last year — a scoping report setting out the current criminal law which applies.

The second phase, announced today, will consider the non-consensual taking and sharing of intimate images specifically — and look at possible recommendations for reform. Though it will not report for two years so any changes to the law are likely to take several years to make it onto the statute books.

Among specific issues the Law Commission will consider is whether anonymity should automatically be granted to victims of revenge porn.

Commenting in a statement, justice minister Paul Maynard said: “No one should have to suffer the immense distress of having intimate images taken or shared without consent. We are acting to make sure our laws keep pace with emerging technology and trends in these disturbing and humiliating crimes.”

Maynard added that the review builds on recent changes to toughen UK laws around revenge porn and to outlaw ‘upskirting’ in English law; aka the degrading practice of taking intimate photographs of others without consent.

“Too many young people are falling victim to co-ordinated abuse online or the trauma of having their private sexual images shared. That’s not the online world I want our children to grow up in,” added the secretary of state for digital issues, Jeremy Wright, in another supporting statement.

“We’ve already set out world-leading plans to put a new duty of care on online platforms towards their users, overseen by an independent regulator with teeth. This Review will ensure that the current law is fit for purpose as we deliver our commitment to make the UK the safest place to be online.”

The Law Commission review will begin on July 1, 2019 and report back to the government in summer 2021.

Terms of Reference will be published on the Law Commission’s website in due course.

Powered by WPeMatico

UK sets out plan to spend billions on fiber and 5G broadband for all

The UK government has set out a package of measures it’s hoping will futureproof domestic networks and boost international competitiveness by supporting a nationwide rollout of full fiber broadband and 5G mobile technology.

The Future Telecoms Infrastructure Review, published today, follows the announcement of a market review last year as part of the government’s Industrial Strategy as it seeks to chart a technology-enabled course for growth and competitiveness.

Yet, at the same time, the UK seriously lags several European competitors on the fiber broadband front — so the strategy is also intended to try to reboot current poor performance.

The government says its telecoms plan emphasizes greater consumer choice and initiatives to promote quicker rollout — and an eventual full switch over — from copper to fiber.

It wants full fibre broadband to reach 15 million premises (up from the ’10M over the next decade’ set out in the Conservative party manifesto) by 2025, and also 5G mobile network coverage to reach the majority of the population.

By 2033, it wants full fiber broadband coverage to reach across all of the UK.

Currently the UK only has 4% full fiber connections, which compares dismally to 71% in Spain and 89% in Portugal. While France has around 28% — which the government notes is “increasing quickly”.

Included in the government’s strategy is public investment in full fiber for rural areas; and new legislation to guarantee full fiber connections in new build developments; as well as a series of regulatory reforms intended to drive investment and competition — which it says will be tailored to different local market conditions.

It’s also planning for an industry-led switch over from copper to full fiber — to avoid businesses being saddled with the expense and burden of running copper and fiber networks in parallel.

There’s no fixed timing for this, as the government says it will depend on the pace of fiber rollouts and take-up, but it suggests it’s “realistic to assume that switchover could happen in the majority of the country by 2030”.

To boost competition to drive commercial fiber rollouts, the government is proposing regulatory reform to allow for “unrestricted access” to Openreach ducts and poles — i.e. the wholly BT-owned company’s own physical infrastructure where fiber can be laid — for both residential and business broadband use, including for essential mobile infrastructure.

It also wants to open up other avenues for laying broadband fiber, saying other existing infrastructure (including pipes and sewers) owned by other utilities such as power, gas and water, should be “easy to access, and available for both fixed and mobile use”. 

And it says it will shortly publish consultations on the proposed legislative changes to streamline wayleaves and mandate fiber connections in new builds.

Another key recommendation in the review, given that the expense of digs to lay fiber remains one of the biggest barriers to broadband upgrades, is for a new nationwide framework aimed at reducing the costs, time and disruption caused by street-works by standardising the approach across the country.

With its planned regulatory tweaks, the government reckons that market competition will be able to deliver full fiber networks across the majority of the UK (~80%) — leaving around ~20% which it’s expecting will require “bespoke solutions to ensure rollout of networks”. And for around half of that fifth it also expects taxpayer funding will be needed to deliver a fiber/5G upgrade.

It estimates that nationwide availability of ‘full fiber’ is likely to require additional (public) funding of around £3BN to £5BN to support commercial investment in the final ~10% of areas that would otherwise be overlooked — stressing that these “often rural areas must not be forced to wait until the rest of the country has connectivity before they can access gigabit-capable networks”.

So it’s planning to pursue an “outside-in” strategy, allowing network competition to serves commercially viable areas while laying down government support investment in parallel on what it describes as “the most difficult to reach areas”.

“We have already identified around £200M within the existing Superfast broadband programme that can further the delivery of full fibre networks immediately,” it notes on that.

Although it’s not clear at this stage how the government intends to fund the full proposals for a taxpayer-funded broadband bill running to multiple billions.

On the mobile connectivity front, it’s proposing increased access to spectrum for “innovative 5G services”, and says it will allow mobile network operators to make far greater use of government buildings to boost coverage across the UK.

“We should consider whether more flexible, shared spectrum models can maintain network competition between MNOs while also increasing access to spectrum to support new investment models, spurring innovation in industrial internet of things, wireless automation and robotics, and improving rural coverage,” it writes on that.

Over the longer term it says is expecting to see a more converged telecoms sector — so it’s leaving itself some ‘last mile’ wiggle room on the ‘full fiber’ push, for example by pointing out that: “Fixed fibre networks and 5G are complementary technologies, and 5G will require dense fibre networks. In some places, 5G may provide a more cost-effective way of providing ultra-fast connectivity to homes and businesses.”

“We want everyone in the UK to benefit from world-class connectivity no matter where they live, work or travel,” said the new Secretary of State for digital, culture, media and sport, Jeremy Wright, commenting on the review in a statement, and dubbing it a “radical new blueprint for the future of telecommunications in this country”.

“[The strategy] will increase competition and investment in full fiber broadband, create more commercial opportunities and make it easier and cheaper to roll out infrastructure for 5G,” he added.

The UK’s incumbent telco, BT, which owns and operates the country’s largest broadband network, has long pursued the opposite strategy to the one the government is here pursuing: i.e. by seeking to eke out its own ex-monopoly copper infrastructure, such as by applying technologies that speed up fiber to the cabinet technology, instead of making the major financial commitment to invest in substantially expanding full fiber to the home coverage (and thereby futureproof national network infrastructure).

For years competitors (and, indeed, frustrated consumers) have also accused the company of foot-dragging on providing access to its network — thereby undermining other commercial players’ ability to fund and build out next-gen network coverage.

Last year BT agreed with telecoms watchdog Ofcom to legally separate its network division Openreach — around a decade after a functional separation has been imposed by the regulator. Albeit, it’s still not the full structural separation some have called for.

“It is too early to determine whether legal separation will be sufficient to deliver positive changes on investment in full fibre infrastructure,” writes the government in its review, adding that it will “closely monitor legal separation, including Ofcom’s reports on the effectiveness of the new arrangements”.

“The Government will consider all additional measures if BT Group fails to deliver its commitments and regulatory obligations, and if Openreach does not deliver on its purpose of investing in ways that respond to the needs of its downstream customers,” it adds.

Commenting on the government’s strategy, an Openreach spokesperson told us: “We’re encouraged by the Government’s plan to promote competition, tackle red tape and bust the barriers to investment. As the national provider, we’re ambitious and want to build full fibre broadband to 10 million premises and beyond — so it’s vital that this becomes an attractive investment without creating digital inequality or a lack of choice for consumers and businesses across the country. As the Government acknowledges, the economics of building digital infrastructure remain challenging for everyone, and we believe a review of the current business rates regime is necessary to stimulate the whole sector.

We’re already building full fibre to around 10,000 homes and businesses every week, and by 2020 we’ll have reached 3 million,” the spokesperson added. “We have a huge, world class engineering team and wherever we build, we’ll deliver the best quality network with the highest levels of service and built-in competition and choice.”

One aspect of the strategy the government is not trumpeting quite so loudly in its PR around the announcement is an intent to promote what it describes as “stable and long-term regulation” as part of its strategy to drive increased competition and unlock business investments.

On this it writes that the overarching strategic priority to “promote efficient competition and investment in world-class digital networks” should be “prioritised over interventions to further reduce retail prices in the near term, recognising these longer-term benefits”.

In the review it suggests moving to longer, five year review periods, for instance — saying this “could provide greater regulatory stability and promote investment”. It also writes that it wants Ofcom to publish guidance that “clearly sets out the approach and information it will use in determining a ‘fair bet’ return”.

It’s therefore possible that UK consumers could end up paying twice over to help fund national fiber broadband infrastructure upgrades; i.e. not just via direct subsidies to fund rural rollouts but also, potentially, via higher broadband prices too. Albeit, the government says that in its view “the interests of consumers are safeguarded as fiber markets become more competitive”.

Though in less commercially attractive areas, where there could be a greater risk of price inflation, the government’s small print does include the recognition that regulatory interventions — such as price controls — may indeed be required. Though of course any such controls would only come in after consumers had been being stung…

“For areas where there is actual or prospective effective competition between networks, Government would not anticipate the need for regulation,” it writes. “For other areas, we would expect the regulatory model for to evolve over time as networks are established. If market power emerges, regulated access (including price controls) may be needed to address competition concerns. These detailed regulatory decisions will be for Ofcom to take.”

This report was updated with comment from Openreach 

Powered by WPeMatico